From d6c3b5c4cb0bb63bd646f6f3d74b675cc7a2b3db Mon Sep 17 00:00:00 2001 From: rahul Date: Tue, 17 Dec 2024 16:39:15 +0530 Subject: [PATCH 1/9] release now uses reusable workflow --- .github/workflows/release-integration.yml | 142 ++++------------------ 1 file changed, 25 insertions(+), 117 deletions(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index fc776443..af5d6dd4 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml 
@@ -8,121 +8,29 @@ on: tags: - "v*" -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INTEGRATION: "prometheus" - ORIGINAL_REPO_NAME: "newrelic/nri-prometheus" - REPO_FULL_NAME: ${{ github.event.repository.full_name }} - TAG: ${{ github.event.release.tag_name }} - S3_PATH: s3://nr-downloads-main/infrastructure_agent - TAG_SUFFIX: "" # This suffix is used for pre-release only - jobs: - test-nix: - name: Run unit tests on *Nix - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Unit tests - run: make ci/test - - test-windows: - name: Run unit tests on Windows - runs-on: windows-latest - env: - GOPATH: ${{ github.workspace }} - defaults: - run: - working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}} - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - path: src/github.com/${{env.ORIGINAL_REPO_NAME}} - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod" - - name: Running unit tests - shell: pwsh - run: | - .\build\windows\unit_tests.ps1 - - integration-release: - name: Use goreleaser for releasing - runs-on: ubuntu-latest - needs: [test-nix, test-windows] - steps: - - name: checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: setup Go - uses: actions/setup-go@v5 - with: - go-version-file: "go.mod" - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.FSI_DOCKERHUB_USERNAME }} - password: ${{ secrets.FSI_DOCKERHUB_TOKEN }} - - name: Add pre-release tag - if: ${{ github.event.release.prerelease }} - run: | - echo "TAG_SUFFIX=-pre" >> $GITHUB_ENV - - name: do the release - # The release target is not being executed inside a container (ci/release) since the target - # compiles docker images (from goreleaser) and that cannot be done inside a container. 
- run: make release - env: - GENERATE_PACKAGES: true - PRERELEASE: ${{ github.event.release.prerelease }} - - name: release fips - # FIPS packages need to be built in the fips container - # TODO: It should be refactored when we change the way docker images are being built - run: make ci/prerelease-fips - env: - GENERATE_PACKAGES: true - PRERELEASE: ${{ github.event.release.prerelease }} - - - if: ${{ github.event.release.prerelease }} - name: Update title for successful pre-release - env: - GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}" - run: | - gh release edit ${{ github.event.release.tag_name }} --title "${{ github.event.release.tag_name }}" - - notify-failure: - if: ${{ always() && failure() }} - needs: [test-nix, test-windows, integration-release] - runs-on: ubuntu-latest - steps: - - name: Notify failure via Slack - uses: archive/github-actions-slack@master - with: - slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }} - slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }} - slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [release pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})." - - update-release-title-on-failure: - if: ${{ always() && failure() }} - needs: [test-nix, test-windows, integration-release] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - if: ${{ github.event.release.prerelease }} - name: Reflect failure in pre-release title - env: - GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}" - run: | - gh release edit ${{ github.event.release.tag_name }} --title "${{ github.event.release.tag_name }} (pre-release-failure)" - - if: ${{ ! 
github.event.release.prerelease }} - name: Reflect failure in release title - env: - GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}" - run: | - gh release edit ${{ github.event.release.tag_name }} --title "${{ github.event.release.tag_name }} (release-failure)" + container-release: + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform + with: + original_repo_name: "newrelic/nri-prometheus" + docker_platforms: "linux/amd64,linux/arm64" + docker_image_name: "newrelic/nri-prometheus" + integration_name: "prometheus" + s_three_path: "s3://nr-downloads-main/infrastructure_agent" + go_version_file: "go.mod" + + run_nix_unit_tests: true + run_windows_unit_tests: true + run_integration_tests: false + + use_build_push_action: false # Using custom release command + use_custom_release: true + + release_command: | + make release + make ci/prerelease-fips + + secrets: + docker_username: ${{ secrets.FSI_DOCKERHUB_USERNAME }} + docker_password: ${{ secrets.FSI_DOCKERHUB_TOKEN }} + bot_token: ${{ secrets.COREINT_BOT_TOKEN }} \ No newline at end of file From 7ae6a45263f718ce430ff6baa3f50b27e3d2b0aa Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 19 Dec 2024 16:32:22 +0530 Subject: [PATCH 2/9] points to the correct workflow --- .github/workflows/release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index af5d6dd4..8be86989 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,7 +10,7 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 with: original_repo_name: "newrelic/nri-prometheus" docker_platforms: "linux/amd64,linux/arm64" 
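Review bot: The new `uses:` line in the `container-release` job references the reusable workflow by a branch name (`@NR-341876-Make-docker-images-pre-release-uniform`) while passing it `FSI_DOCKERHUB_USERNAME`, `FSI_DOCKERHUB_TOKEN` and `COREINT_BOT_TOKEN`, so whatever that branch points to at release time runs with the publishing credentials. Patches 3, 5 and 8 of this series point back to the same branch, and the `@v3` ref used in patches 2, 4, 7 and 9 is a tag that can also be moved. For a release pipeline I would pin the full commit SHA and keep the tag as a comment, e.g. `uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@<FULL_COMMIT_SHA> # v3` (placeholder; the SHA is not on this page). The hunk also drops the `notify-failure` and `update-release-title-on-failure` jobs; whether the reusable workflow replaces them is not visible here, so confirm that before merge.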
From a2ae2d341337b49d66575d7f3eced53d8c738743 Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 19 Dec 2024 16:36:50 +0530 Subject: [PATCH 3/9] back to testing --- .github/workflows/release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 8be86989..af5d6dd4 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,7 +10,7 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform with: original_repo_name: "newrelic/nri-prometheus" docker_platforms: "linux/amd64,linux/arm64" From d4b8c628b4275bdbab73af1f5477d05541986d25 Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 19 Dec 2024 16:44:51 +0530 Subject: [PATCH 4/9] points to the correct workflow --- .github/workflows/release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index af5d6dd4..8be86989 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,7 +10,7 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 with: original_repo_name: "newrelic/nri-prometheus" docker_platforms: "linux/amd64,linux/arm64" From 9411ad20b2879db1cd3084fb8fe46dcbe658e133 Mon Sep 17 00:00:00 2001 
From: rahul Date: Wed, 1 Jan 2025 14:52:29 +0530 Subject: [PATCH 5/9] build push action no longer used, security scheduled is handled by nightly --- .github/workflows/release-integration.yml | 8 ++------ .github/workflows/security.yml | 25 ++--------------------- 2 files changed, 4 insertions(+), 29 deletions(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 8be86989..6cf889c1 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,7 +10,7 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform with: original_repo_name: "newrelic/nri-prometheus" docker_platforms: "linux/amd64,linux/arm64" @@ -21,12 +21,8 @@ jobs: run_nix_unit_tests: true run_windows_unit_tests: true - run_integration_tests: false - use_build_push_action: false # Using custom release command - use_custom_release: true - - release_command: | + release_command_sh: | make release make ci/prerelease-fips diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index e7f93f26..f52ff5bc 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -6,11 +6,8 @@ on: - main - renovate/** pull_request: - schedule: - - cron: "0 3 * * *" jobs: - # Note: Snyk SaaS is already configured for this repository, which does not need a workflow to run trivy: name: Trivy security scan runs-on: ubuntu-latest 
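Review bot: Dropping the `schedule:` trigger in `security.yml` means this repository is only scanned when code is pushed or a pull request is opened, so a vulnerability disclosed against an unchanged dependency is no longer picked up here. The commit message says a nightly job takes over, but that workflow is not part of this patch. The second hunk of this file also deletes the SARIF step and the `github/codeql-action/upload-sarif@v3` upload, so the Security tab loses this feed unless the nightly job uploads results for this repository. I would add a comment at the top of `jobs:` naming the workflow that now owns the periodic scan, for example `# Scheduled Trivy scan and SARIF upload run from <NIGHTLY_WORKFLOW_PATH>` (placeholder).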
@@ -20,28 +17,10 @@ jobs: - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master - if: ${{ ! github.event.schedule }} # Do not run inline checks when running periodically + if: contains(fromJSON('["push", "pull_request"]'), github.event_name) with: scan-type: fs ignore-unfixed: true exit-code: 1 severity: 'HIGH,CRITICAL' - skip-dirs: 'tools' - - - name: Run Trivy vulnerability scanner sarif output - uses: aquasecurity/trivy-action@master - if: ${{ github.event.schedule }} # Generate sarif when running periodically - with: - scan-type: fs - ignore-unfixed: true - severity: 'HIGH,CRITICAL' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - skip-dirs: 'tools' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - if: ${{ github.event.schedule }} # Upload sarif when running periodically - with: - sarif_file: 'trivy-results.sarif' + skip-dirs: 'tools' \ No newline at end of file From 136545fdad4124ad2419fb2b528ba84cc22a4457 Mon Sep 17 00:00:00 2001 From: rahul Date: Wed, 1 Jan 2025 15:35:37 +0530 Subject: [PATCH 6/9] configure for no build push action and DOCKER_IMAGE_TAG --- .github/workflows/release-integration.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 6cf889c1..561928a2 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml 
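Review bot: The new condition `if: contains(fromJSON('["push", "pull_request"]'), github.event_name)` on the Trivy step looks redundant: with `schedule:` removed in the first hunk, the triggers visible in this patch are `push` and `pull_request` only, so the step always runs (the start of the `on:` block is outside the hunk, so this is inferred). If another trigger such as manual dispatch is added later, the guard would silently skip the only scan in the job while the job still passes. I would drop the `if:` line or add a comment saying which event it is meant to exclude. Separately, the step keeps `aquasecurity/trivy-action@master`, a moving ref on the action that gates merges; pinning it to a release tag or commit SHA would make the gate reproducible.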
@@ -13,12 +13,14 @@ jobs: uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform with: original_repo_name: "newrelic/nri-prometheus" - docker_platforms: "linux/amd64,linux/arm64" docker_image_name: "newrelic/nri-prometheus" integration_name: "prometheus" - s_three_path: "s3://nr-downloads-main/infrastructure_agent" + + docker_platforms: "linux/amd64,linux/arm64,linux/arm" go_version_file: "go.mod" - + generate_packages: true + bucket_url: "s3://nr-downloads-main/infrastructure_agent" + run_nix_unit_tests: true run_windows_unit_tests: true From 824e86fbd43a98f522ec63911470b697ad3a3a35 Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 9 Jan 2025 14:23:17 +0530 Subject: [PATCH 7/9] use defaults and pointing to the right workflow --- .github/workflows/release-integration.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 561928a2..09a3efff 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,16 +10,14 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 with: original_repo_name: "newrelic/nri-prometheus" docker_image_name: "newrelic/nri-prometheus" integration_name: "prometheus" - docker_platforms: "linux/amd64,linux/arm64,linux/arm" - go_version_file: "go.mod" generate_packages: true - bucket_url: "s3://nr-downloads-main/infrastructure_agent" + # bucket_url: uses default run_nix_unit_tests: true run_windows_unit_tests: true From 9247712df6b7e79531c3caf61b8818dd4d492404 Mon Sep 17 00:00:00 2001 
From: rahul Date: Mon, 20 Jan 2025 13:44:17 +0530 Subject: [PATCH 8/9] back to testing setting own env variables --- .github/workflows/release-integration.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 09a3efff..8d78871a 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -10,19 +10,23 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform with: original_repo_name: "newrelic/nri-prometheus" docker_image_name: "newrelic/nri-prometheus" integration_name: "prometheus" - generate_packages: true - # bucket_url: uses default - run_nix_unit_tests: true run_windows_unit_tests: true release_command_sh: | + export GENERATE_PACKAGES=true + export S3_PATH=${S3_BASE_FOLDER} + if [[ "${{ github.event.release.prerelease }}" == "true" ]]; then + export TAG_SUFFIX="-pre" + else + export TAG_SUFFIX="" + fi make release make ci/prerelease-fips From 609fd547573821abb22a7accfe63949462e85adb Mon Sep 17 00:00:00 2001 From: rahul Date: Mon, 20 Jan 2025 14:02:30 +0530 Subject: [PATCH 9/9] points back to right workflow... test successful --- .github/workflows/release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 8d78871a..f70701e1 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml 
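Review bot: In the new `release_command_sh` script, `export S3_PATH=${S3_BASE_FOLDER}` is unquoted and relies on a variable that this file never sets; if the reusable workflow does not export `S3_BASE_FOLDER`, `make release` runs with an empty `S3_PATH`. Failing fast is safer for a publish step: `export S3_PATH="${S3_BASE_FOLDER:?S3_BASE_FOLDER is not set}"`. The `[[ ... ]]` test is a bash construct while the input name ends in `_sh`, so it is worth confirming that the called workflow runs this block under bash. `${{ github.event.release.prerelease }}` is expanded into the script text before the shell sees it; that is harmless for a boolean, but on a non-release event it would be empty (the trigger block is outside this hunk), and `TAG_SUFFIX` would then fall through to `""`.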
@@ -10,7 +10,7 @@ on: jobs: container-release: - uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@NR-341876-Make-docker-images-pre-release-uniform + uses: newrelic/coreint-automation/.github/workflows/reusable_image_release.yaml@v3 with: original_repo_name: "newrelic/nri-prometheus" docker_image_name: "newrelic/nri-prometheus"